Enterprises need to deploy a layered defense and make data protection everyone’s business.

Seeing Real Improvement

Companies that have deployed layered security report seeing real improvements in the level of their vulnerability. For instance, Redwood Credit Union, in Santa Rosa, Calif., has built a multilayered defense that includes a first layer consisting of dual firewalls with multiple DMZs (i.e., perimeter networks) to segment traffic, coupled with virtual LANs on switches and a segmented IP network.

At the second layer, the company has a set of intrusion detection systems (IDS) and intrusion prevention systems (IPS) that watch all inbound, outbound and cross-network traffic. Redwood also uses an email scanning and spam filtering tool that further reduces threats, along with virus protection on all its PCs and servers.

“We also have an aggressive set of policies on the network, with access restrictions to almost all files and directories on an ‘as needed’ basis,” says Tony Hildesheim, senior vice president of IT. “To ensure further protection, we have a set of controls that includes network monitoring and periodic checks and audits.”

The efforts at Redwood Credit have paid off. “We have been fortunate to not have had any loss or issues as a result of an attack,” Hildesheim says. “We have been able to stop a number of virus and Trojan attacks, typically at the IDS/IPS device, prior to it attacking a PC or other device. We’re also careful to not draw attention to our organization and to address phishing or other attacks aggressively to ensure that we are not an organization that provides an easy target.”

Hildesheim estimates that his company deals with about 40 attacks monthly—malware, trojans or other viruses—but all of them are averted, largely because of email scanning tools and the local scanning and IDS/IPS that augment the firewall. The company also experiences about 100 "suspicious hits" and about 20 validated hits a month, all of which are averted by firewalls, patching and security procedures.

Having robust security is a high priority for business executives at Redwood Credit Union. “As a financial institution, maintaining the trust of our customers is paramount, and maintaining our reputation is huge,” says Wade Painter, CFO. “We can’t afford to drop the ball anywhere.” The company reports that it has suffered no financial or customer losses because of an intrusion or attack on its systems.

Painter adds that having multiple layers of defense also creates resiliency in systems. “Having a security event doesn’t necessarily mean you’ve been compromised,” he points out, “but if you have lousy security, it could make you susceptible to downtime. The resiliency of our systems is hugely important to us, and being available to our customers and employees is critical.”